Document IDP MFA policy and processes
Open, In Progress, MediumPublic
Actions

Assigned To

None

Authored By

	jbond
	Jun 10 2021, 9:31 AM

Description

https://idp.wikimedia.org supports u2f tokens which are being used by a number of employs on a trial basis and things work well. however there are still some gaps in our policy and processes such as

how do we deal with a user that has lost there token (validating them, getting them a new token)
Will we support additional MFA options such as webauthn/TOTP
will we support Mobil devices
Will we mandate MFA for all groups of users, services, everyone

We need to consider this issues and document some policies and processes before we should consider rolling MFA out more generally.

Event Timeline

jbond triaged this task as Medium priority.Jun 10 2021, 9:31 AM

jbond created this task.

If I may add to the wish list, support multiple tokens for those that have more than one for added redundancy.

In T284725#7148119, @Volans wrote:

If I may add to the wish list, support multiple tokens for those that have more than one for added redundancy.

For U2F that's currently not support by CAS, but may change in the future. We can still ship two devices to users (so that in case of a loss/breakage it can be switched quickly), but only one a time can be active.

jbond moved this task from Unsorted 💣 to Back Burner 🏛️ on the User-jbond board.Jun 19 2021, 4:12 PM

Aklapper added a project: Infrastructure-Foundations.Jun 21 2021, 8:59 PM

MoritzMuehlenhoff changed the task status from Open to In Progress.Nov 5 2021, 12:28 PM

MoritzMuehlenhoff merged a task: Restricted Task.Jun 26 2023, 3:26 PM

MoritzMuehlenhoff added a subscriber: taavi.

Document IDP MFA policy and processesOpen, In Progress, MediumPublicActions

Description

Event Timeline

Document IDP MFA policy and processes
Open, In Progress, MediumPublic
Actions